So what tool would be used to extract the static information from the site conveniently? Or does it still need a running instance of Drupal to function? Cause that would still leave you vulnerable to Drupal exploits basically.
There are various things you could do with the headless Drupal: you could put it behind a firewall or enable access control so that only your front-end Gatsby.js app can have access to it.